Sunday, November 4, 2018

LastPass vs 1Password vs KeyReel

The most popular paid password managers out there have strengths that make them the first choice of millions of users. So why did we build KeyReel? Well, let’s see how KeyReel stacks up compared to LastPass and 1Password.

LastPass

LastPass is one of the most popular password apps because it’s among the least expensive and it’s simple to use. It’s built on a cloud server that stores all your passwords and allows you to access them from any device on any platform.

You only need one password to log in to the vault that will instantly fill in the login details for any account stored in it, so it’s easy to make one that’s long and strong. The paid version allows you to require a second authentication factor.

Why isn’t it enough?

When you need to log in, it may be convenient to only need to remember one password, but it’s also a hassle to use it every time. Users will check the “keep me signed in” box on accounts they use frequently just to avoid having to enter any password at all. This is a dangerous habit that literally leaves accounts open to hackers 24/7, even while the computer isn’t in use by the user. LastPass doesn’t solve it by replacing many passwords with one. This makes it virtually as insecure as storing your password in the browser itself--and the password managers in most popular browsers are not known for the best security.

LastPass stores all user information on its own cloud server. This makes it a favorite target of hackers: a gold mine full of the sensitive account information of so many users. In 2015, LastPass’s server actually succumbed to a raid.

We wanted to log in automatically and keep our data out of the crosshairs of hackers. And we noticed that LastPass was buggy. So it didn’t work well on many sites, and on others it simply didn’t work, requiring us to create entries manually.

And although convenient, a password manager that syncs data across multiple devices on a network makes the loss of just one device a threat to all user data.

1Password

Like LastPass, 1Password also stores your passwords on the cloud so you can access them using one “master password” from its cloud server. 1Password touts the fact that its components are standard and open source.

User data is stored encrypted on the server, and can only be accessed by the master password, which only the user knows.

Each user gets a secret key, generated locally, that strengthens the master password.

You can store passwords and many other types of sensitive data, and tag and sort them in the ways that are most convenient for you, and 1Password logs you in automatically.

Why isn’t it enough?

1Password has some of the same drawbacks as LastPass: it is a cloud server most likely to be targeted by hackers, and it requires a password for every single login. In fact, it was criticized for discontinuing its offline version. But all its myriad features and options also make 1Password a lot more app than we bargained for, with many more features than most users will need.

And just as with LastPass, we wanted a password app that allowed us to keep control of and manage our own data. We noticed that entering that master password over and over again throughout one browsing session got tedious. Tedium is dangerous when it comes to security because it tempts users to create simple, low-security master passwords. And that defeats the purpose of the app.

Besides, a keylogger or spycam has a higher chance of compromising master passwords that need to be entered multiple times a day--and may be entered in the wrong entry field due to user error, exposing all its characters on screen.

1Password’s focus on managing passwords actually makes the organization of passwords another thing to worry about. We wanted something that allows passwords to work like a key does in a lock: keep your key safe until you need to use it, and don’t worry about it until you need it again. To us, the safety and ease of the login experience counts most toward a smoother browsing experience. So we kept searching for a light, mostly invisible app, with only the features users love and use most.

KeyReel

So rather than focusing on the organization of secure passwords and files, KeyReel’s iPhone and MacOS apps sync with its browser extension to make the login experience itself minimalist, safe, and local. Passwords are stored in an encrypted vault on your iPhone and accessed by your Mac via a secure, local Bluetooth connection.

You never need to enter your master password (unless you are recovering the database from the backup). Whenever you browse on your computer with your iPhone within Bluetooth range, the requested information automatically appears in the login screen. When you pick up your phone and leave your computer behind, the encrypted Bluetooth link is broken, and your passwords stay with you on your phone.

For more sensitive accounts that store banking, medical, and other personal data, you have the option to add a second authentication factor sent to your phone, which you can verify via PIN or TouchID. Because your passwords are stored locally and sent via local connection, the information never crosses the path of any hacker on any network.

Although the local connection gave us peace of mind about its safety for data storage and transfer, we still wanted the speed and convenience of cloud apps. So we built lightweight iOS and MacOS apps, and a practically invisible web extension. As the three components run as one, it’s barely noticeable in operation.

Feedback from beta-testers and early adopters told us the most important features to them are data import/export and password generation capabilities. So we’ve added those as well as the ability to add notes to each account, but we’ve kept our focus on the login experience. Now KeyReel’s advanced web parsing is better at detecting login screens than both LastPass and 1Password.

If you want to try KeyReel, now’s the time! We’re going to be switching to a premium model soon as part of KeyReel’s growth into the ultimate login assistant. We would love to have you with us on the journey. Remember: all your data stays with you, you get access to all its features, and you don’t even need to set up a new account. Happy logins!